Tuesday, January 28, 2014

Avoid Tax Fraud and Identity Theft: Tips from a Professional

Once again, it’s about time to talk about tax fraud. Yes, I know. Every year around this time, just about every information security blog brings it up—you know, how it’s really fraud, how identity theft really happens, and how it could happen to you.

Well…it is, it does, and it could.

But I’ll eschew the scary tax fraud stories this time and just give everyone some practical tips they can use. Last year, a local tax accountant gave us some really good, basic advice to pass along to readers and clients on the subject. It was well received, so I’m going to post it again.

Tuesday, January 14, 2014

When Ego Gets in the Way: Infosec at the Top

So, I try to be pretty fair when it comes to information security issues. I mean, everyone’s human, right? Everyone makes mistakes. And often, for the average Joe in an office, mistakes are the result of poor security awareness training or a general lack of knowledge about the threats of social engineering, phishing, or the danger-of-the-week (you name it).

But then there are those folks who just let their egos get in the way of security. According to a recent study by Stroz Friedberg, senior managers may be the worst when it comes to protecting sensitive information.

Review these disturbing statistics:

  • 9 in 10 senior managers upload work files to personal accounts. 
  • 58% of the managers studied accidentally sent sensitive information to the wrong person. 
  • 51% took files containing sensitive information with them after leaving a job. 

The study goes on to suggest that people in management positions are more likely to flout the rules regarding information security because they’re under pressure, because they’re super busy—and because some have a serious attitude problem.

Thursday, January 9, 2014

Cyberwarfare, ID Theft, and Social Engineering: What's It All Mean?

Read an interesting article at CIO the other day: “Talk of Cyberwarfare Meaningless to Most Companies.” And it got me thinking…how much of what we do and say as security companies goes over the average company’s head (or better yet, in one ear and out the other)?

Think about “cyberwarfare” for a minute. Does it mean going to war with other nations using robots and computers? Is it when a terrorist brings down the Internet? Does it even matter to me? Or my business? Or my industry?

The reality is that cyberwarfare is a danger because bad people can use technical resources and systems to disrupt legitimate businesses and prevent them from performing their core work.

In a way, the term “cyberwarfare” falls into the same category as “identity theft.” It sounds really scary, but many regular people (even managers and business owners) don’t really know how it is carried out, with what tools, and against whom. Most people don’t know what to do to protect themselves besides signing up for Lifelink.

Or how about “social engineering,” one of the most misunderstood terms in our security vocabulary? Internationally, it’s understood as a way to analyze and influence social systems. But in the security community, it describes con artists who use social situations (phone conversations, office visits, etc.) to commit crimes. It’s real. It’s a major threat. But folks don’t understand it, so they don’t worry about it.

This lack of knowledge results in major complacency. Companies do not feel PERSONALLY threatened by identity theft or a social engineering attack—but they should. Executives need to educate themselves on the true impact to corporations and then educate their employees. 

Cyberwarfare, identity theft, social engineering—these are real threats with real everyday impact on real people. They are not just international news headlines.

So security companies and IT professionals: it’s time to be louder. Time to be bolder. Maybe most importantly, it’s time to learn to speak the language of small and mid-range businesses with limited budgets and even more limited time. This is how we raise awareness.

We’ve got our work cut out for us.
